[Xfce4-commits] [www/forum.xfce.org] 54/79: Update bad-behaviour.

noreply at xfce.org noreply at xfce.org
Tue May 21 14:48:49 CEST 2019 

This is an automated email from the git hooks/post-receive script.

s   k   u   n   n   y   k       p   u   s   h   e   d       a       c   o   m   m   i   t       t   o       b   r   a   n   c   h       o   l   d   f   o   r   u   m   
   in repository www/forum.xfce.org.

commit 0299fd8f3f9a47891cbde1b7af249c9a85cbff9f
Author: Nick Schermer <nick at xfce.org>
Date:   Mon Nov 28 22:12:55 2011 +0100

    Update bad-behaviour.
---
 include/bad-behavior/common_tests.inc.php | 2 +-
 include/bad-behavior/core.inc.php         | 4 ++--
 include/bad-behavior/searchengine.inc.php | 4 ++--
 include/bad-behavior/whitelist.inc.php    | 3 ++-
 4 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/include/bad-behavior/common_tests.inc.php b/include/bad-behavior/common_tests.inc.php
index abff3a3..dd82d09 100644
--- a/include/bad-behavior/common_tests.inc.php
+++ b/include/bad-behavior/common_tests.inc.php
@@ -43,7 +43,7 @@ function bb2_misc_headers($settings, $package)
 	// Worse yet, some Javascript client-side apps do the same in
 	// blatant violation of the protocol and good sense.
 	// if (strpos($package['request_uri'], "#") !== FALSE || strpos($package['headers_mixed']['Referer'], "#") !== FALSE) {
-	if (strpos($package['request_uri'], "#") !== FALSE) {
+	if ($settings['strict'] && strpos($package['request_uri'], "#") !== FALSE) {
 		return "dfd9b1ad";
 	}
 	// A pretty nasty SQL injection attack on IIS servers
diff --git a/include/bad-behavior/core.inc.php b/include/bad-behavior/core.inc.php
index 3fdaf06..915b866 100644
--- a/include/bad-behavior/core.inc.php
+++ b/include/bad-behavior/core.inc.php
@@ -1,5 +1,5 @@
 <?php if (!defined('BB2_CWD')) die("I said no cheating!");
-define('BB2_VERSION', "2.1.13");
+define('BB2_VERSION', "2.1.15");
 
 // Bad Behavior entry point is bb2_start()
 // If you're reading this, you are probably lost.
@@ -142,7 +142,7 @@ function bb2_screen($settings, $package)
 				return $r;
 			}
 			return false;
-		} elseif (stripos($ua, "Googlebot") !== FALSE || stripos($ua, "Mediapartners-Google") !== FALSE) {
+		} elseif (stripos($ua, "Googlebot") !== FALSE || stripos($ua, "Mediapartners-Google") !== FALSE || stripos($ua, "Google Web Preview") !== FALSE) {
 			require_once(BB2_CORE . "/searchengine.inc.php");
 			if ($r = bb2_google($package)) {
 				if ($r == 1) return false;	# whitelisted
diff --git a/include/bad-behavior/searchengine.inc.php b/include/bad-behavior/searchengine.inc.php
index 8a65b2b..cf8a5e8 100644
--- a/include/bad-behavior/searchengine.inc.php
+++ b/include/bad-behavior/searchengine.inc.php
@@ -6,7 +6,7 @@ require_once(BB2_CORE . "/roundtripdns.inc.php");
 
 function bb2_google($package)
 {
-	if (match_cidr($package['ip'], array("66.249.64.0/19", "64.233.160.0/19", "72.14.192.0/18", "203.208.32.0/19", "74.125.0.0/16", "216.239.32.0/19")) === FALSE) {
+	if (match_cidr($package['ip'], array("66.249.64.0/19", "64.233.160.0/19", "72.14.192.0/18", "203.208.32.0/19", "74.125.0.0/16", "216.239.32.0/19", "209.85.128.0/17")) === FALSE) {
 		return "f1182195";
 	}
 #	Disabled due to http://bugs.php.net/bug.php?id=53092
@@ -34,7 +34,7 @@ function bb2_msnbot($package)
 
 function bb2_yahoo($package)
 {
-	if (match_cidr($package['ip'], array("202.160.176.0/20", "67.195.0.0/16", "203.209.252.0/24", "72.30.0.0/16", "98.136.0.0/14")) === FALSE) {
+	if (match_cidr($package['ip'], array("202.160.176.0/20", "67.195.0.0/16", "203.209.252.0/24", "72.30.0.0/16", "98.136.0.0/14", "74.6.0.0/16")) === FALSE) {
 		return '71436a15';
 	}
 #	Disabled due to http://bugs.php.net/bug.php?id=53092
diff --git a/include/bad-behavior/whitelist.inc.php b/include/bad-behavior/whitelist.inc.php
index ac35af6..6f09e78 100644
--- a/include/bad-behavior/whitelist.inc.php
+++ b/include/bad-behavior/whitelist.inc.php
@@ -21,7 +21,8 @@ function bb2_whitelist($package)
 			$request_uri = substr($package['request_uri'], 0, strpos($package['request_uri'], "?"));
 		}
 		foreach ($whitelists['url'] as $url) {
-			if (!strcmp($request_uri, $url)) return true;
+			$pos = strpos($request_uri, $url);
+			if ($pos !== false && $pos == 0) return true;
 		}
 	}
 	return false;

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.

More information about the Xfce4-commits mailing list